Chapter 3. Switching a database to read-only mode

Databases of Directory Server run in read-write mode by default, in which users can both retrieve and store data.

When you need a faithful image of a database at a given time, for example before a backup or before a manual initialization of a consumer, you may switch a database to read-only mode that prevents users from creating, modifying, or deleting entries.

3.1. Prerequisites

  • The database is in read-write mode.
  • The database is not used in replication, since enabling read-only mode disables replication.

3.2. Switching a database to read-only mode using the command line

This procedure instructs you how to switch a Directory Server database to read-only mode on the command line.

Procedure

  1. List the suffixes and their corresponding databases: 

    # dsconf -D "cn=Directory Manager" ldap://server.example.com backend suffix list
dc=example,dc=com (userroot)
o=test (test_database)

    Note the name or suffix of the database that you want to switch.

  2. Enable read-only mode with the --enable-readonly parameter and specify the database either by name or suffix: 

    # dsconf -D "cn=Directory Manager" ldap://server.example.com backend suffix set --enable-readonly "test_database"

Verification

  • Attempt a write operation to the directory, such as: 

    # ldapmodify -D "cn=Directory Manager" -W -H ldap://server.example.com -x
dn: dc=example,dc=com
changetype: modify
add: description
description: foo

    The server should refuse to perform. 

    modifying entry "dc=example,dc=com"
ldap_modify: Server is unwilling to perform (53)
	additional info: Server is read-only

Additional resources

3.3. Switching a database to read-only mode using the web console

This procedure instructs you how to switch a Directory Server database to read-only mode in a browser.

Prerequisites

  • You are logged in to the instance in the web console.

Procedure

  1. Under Database, select the suffix in the configuration tree.
  2. Check the Database Read-Only Mode option.
  3. Click Save Configuration.

Verification

  • Attempt a write operation to the directory, such as: 

    # ldapmodify -D "cn=Directory Manager" -W -H ldap://server.example.com -x
dn: dc=example,dc=com
changetype: modify
add: description
description: foo

    The server should refuse to perform. 

    modifying entry "dc=example,dc=com"
ldap_modify: Server is unwilling to perform (53)
	additional info: Server is read-only

3.4. Additional resources